I'm using this login script, http://tutorialzine.com/2009/10/cool-login-system-php-jquery/
I'm setting a cookie on encrypted.site.com, but I also want it to function on site.com and *.site.com. How could I do this?
It sets 2 cookies, tzLogin & tzRemember, one permanent, one session cookie.
Set the 5th parameter (domain) to allow for any subdomains by prefixing a period. This will allow requests for site1.site.com, site2.site.com as well as site.com to send the cookie along:
setcookie('cookiename', 'cookiedata', time()+86400, '/', '.site.com');
http://us.php.net/manual/en/function.setcookie.php
Related
I have:
mydomain.com (which is the portal of the game, global setting and stuff)
game.mydomain.com (which is the the actual game)
The problem is that I want to set a cookie that is available globally, on game.mydomain.net, mydomain.net (and whatever subdomain i'm going to create in the future).
I've been trying to set the cookie from another subdomain as I've read that subdomains can set cookies to parent domains but not vice versa (which is wierd and I guess I've read it wrong). Whatever, so I've done another account.mydomain.com (from which I'm making an ajax call form mydomain.net so the user can authenticate) and I'm using
setcookie('session', $value, time() + 2592000 (one month), '/', '.tribul.net');
Then, return the success message and refresh the main page on mydomain.net so it can read the new cookie value.. problem is, there's no cookie set. I've also been trying to set the cookie from mydomain.com (as .tribul.net) so it can be avaialable on all subdomains but it's available only on the main domain. What's wrong?
I need to connect all subdomains and the domain to the same cookie, TO BE NOTICED, I am setting the cookie in a backend file named process.php (placed in account.domain.com) as result of an ajax request.
Try this setcookie('session', $value, time() + 2592000 , '', '.tribul.net');
In php.ini:
session.cookie_path = /
session.cookie_domain = ".mydomain.com"
Set Cookie:
setcookie('session', $value, time() + 2592000, '/', 'mydomain.com');
I used Klaus Hartl's jquery cookie plugin in order to use my problem since I haven't been able to set up a global cookie from the ajax backend.
On mydomain.com if I run this code:
session_start();
$_SESSION['close_label'] = '1';
and then onspect the session cookie in my browser, it says:
domain: .mydomain.com
Is it possible to have it say:
domain: .someotherdomain.com
or not?
You cannot set cookies for a completely different domain. That would be a security nightmare. You can set cookies for the current domain and/or subdomains of it. That's all.
I am having a problem with setting cookie with php. I am trying to set a cookie (id) from www.example.com/login.php and I want to use from every place on the website. for example I want to use it in:
www.example.com/main.php
www.example.com/users.php
www.example.com/login.php
this is my php code
$expire = time() + 31556926;
$cookie_id = $insert_userid;
setcookie ("id");
setcookie("id", $cookie_id, $expire, '/', 'www.example.com');
i do not have any subdomain. Also For the domain index in the setcookie function I am not sure which on to provide. www.example.com or example.com
www.example.com
If you had subdomains and wanted to allow them:
.example.com
Wikipedia is pretty useful on this:
Most browsers, by default, allow first-party cookies—a cookie with
domain to be the same or sub-domain of the requesting host. For
example, a user visiting www.example.com can have a cookie set with
domain www.example.com or .example.com, but not .com.
I wonder how this quote from the PHP manual should be interpreted:
session.cookie_domain specifies the domain to set in the session
cookie. Default is none at all meaning the host name of the server
which generated the cookie according to cookies specification.
Does it mean that when calling session_start on URL www.somedomain.com/somepage.php the cookie will have the following form:
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=.somedomain.com
Or
Set-Cookie PHPSESSID=e48gh5mqggccgmn8172f0j5a06; path=/; domain=www.somedomain.com
I have seen on index pages the first cookie header and on other pages a header without a domain.
Can someone bring some insight on this?
Thanks
No, php will usualy set the cookie for the current domain ex: wwww.domain.com.
To have everything consistent, you must either redirect all request to the same domain, or explicitly set the cookie for all subdomains.
EDIT: actualy, this is true for Firefox. I think PHP will not actualy set the domain, so the browser is free to use whatever he wants. Internet Explorer i think will set it for any subdomain
No PHP by default never set session cookie for all subdomains.
If you want to set a cookie across all subdomains then you can do this by using this code:
<?php
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
session_name('mysessionname');
session_start();
setcookie($cookieName, $cookieValue, time() + 3600, '/', $rootDomain);
?>
For reference please visit http://www.php.net/manual/en/function.session-set-cookie-params.php
It does set the cookie for the domain visible in the client's browser (so, option 2 in your question). If you want to set a cookie for all subdomains you should call session_set_cookie_params() and put ".domain.com" in the $domain parameter.
How to get session cookies working / to be accessible under domain and subdomains?
For session cookies you need to override the cookie params:
So you can either use:
ini_set('session.cookie_domain', '.website.com');
or
session_set_cookie_params(0, '/', '.website.com');
The '.' in front makes it accessible under the domain and the subdomains.
Note: you will have to delete all existing cookies from your browser for the domain you're working with so they can be re-initialized properly to work.
If you set the cookie for the "top" domain (example.com), the cookie will also apply to subdomains (sub.example.com, another.example.com).
As an aside, this is the reason why some larger companies use completely separate domains to serve static stuff, like stackoverflow uses http://sstatic.net/
I'm assuming you are using setcookie(). If so just set the cookie for ".domain.com".
setcookie("testcookie", "1", 0, "", ".domain.com");